mutt (1.7.2-1+deb9u3) stretch-security; urgency=high
* debian/patches:
+ added security/CVE-not-yet-released.patch to fix a possible MITM
response injection attack when using STARTTLS with IMAP, POP3 and SMTP.
-- Antonio Radici <email address hidden> Fri, 19 Jun 2020 06:55:35 +0200